For decades, Microsoft Windows was the computer platform of choice — not just for the overhwelming majority of computer users, but also for a growing legion of malware creators. As the dominant computing platform, it offered the fattest, most lucrative target, and some of its fundamental architecture decisions made it vulnerable to many kinds of malware.

With the transition to the mobile era, Windows is no longer at the center of the computing universe — for users or for hackers. That role is now occupied by Android. According to Stephen Cobb, a distinguished security researcher for the IT security company ESET, “Android is like early Windows.” It’s now the locus for security attacks and prevention — even if it’s not getting as much attention in this regard as Windows used to.

Flying Under The Radar?

“There’s so much malware on Android, you’d think it would be a huge deal,” Cobb said. And the growth of is “huge,” he added, “both in the number of malware exploits and their increasing sophistication. The rate of growth in Android malware is impressive, and scary.”

(See also Sloppy App Development Leaves Android Owners At Risk)

At this week’s RSA conference in San Francisco, ESET did a live demo on Android, downloading an infected app that roots the phone and opens it up to whatever the attacker wants to do with it — including dumping out its entire contents in a few seconds over the Internet.

Why aren’t we hearing more about Android’s security problems? “It’s death by 1000 cuts,” Cobb said. Instead of emptying the bank accounts of infected users, the malware is more often used to for premium-rate SMS fraud against mobile carriers, “which isn’t bankrupting anyone immediately. They’re flying under the radar.”

“I don’t think the criminal underground is sophisticated enough that it is holding back,” Cobb said. It’s just that when a mobile platform is the target, “the model is many times a smaller attack — or you can look at it as part of a larger attack.”

Read the full article: readwrite